Natural gas infrastructure isn’t just vulnerable to wayward shovels and poorly planned construction projects and that is what Ohio Homeland Security’s Critical Infrastructure program is here for. In this article, we will go through some examples of the threats posed to natural gas infrastructure by criminal and terroristic threat actors- both groups seeking to deliberately and unlawfully damage our nation’s natural gas infrastructure for their own purposes.

Starting with a picture of our physical security threats, we have a mix of theft, vandalism, tampering, and sabotage incidents. With natural gas being a subsector of the energy sector- which is one of our nation’s lifeline sectors of critical infrastructure- natural gas systems are an attractive target for malicious actors willing to commit criminal acts and/or violence to achieve their financial, political, or ideological goals. Natural gas assets in rural Ohio are especially vulnerable due to their remote nature, lack of security, single points of failure, and longer response times from local law enforcement in the event of a targeted attack.

Energy infrastructure is a target for domestic violent extremist (DVE) groups that are motivated by a wide range of ideologies, although physical attacks against the natural gas subsector are mainly perpetrated by environmental rights extremists. See some examples of these issues below:

  • January of 2022, an individual, in an attempt to fight capitalism and climate change, tried to detonate an explosive device to destroy a section of the Permian Highway Pipeline in Hays County, Texas. The attempt was unsuccessful due to a “design flaw” in the device. Shortly after the attempt, the bomber turned himself in to authorities. 1
  • In December 2020, representatives of “Earth First”, a self-described “radical environmental movement”, vandalized a natural gas line in Colorado, leaving 3,500 people without heat or hot water. 2
  • In 2021, the novel, How to Blow Up a Pipeline, was published. This book embraced the belief that sabotage and destruction of fossil fuel infrastructure was necessary once peaceful climate activism failed to produce results. In 2023, a movie adaptation was released, which told a fictional story of a group of individuals who sabotaged a U.S. federal oil pipeline in the name of climate activism. 3

As for an overview of the cybersecurity threats posed to natural gas, we see a mix of ransomware, Distributed Denial of Service (DDoS), botnet, and more. Cyber threat actors (aka, ‘hackers’) have varying motives that range from financial gain to deeper levels of sabotage and espionage. Cyber-attacks against energy and natural gas infrastructure happen every day at a rate much higher than physical incidents, using constantly evolving tactics and techniques. These attacks are projected to continue occurring regularly. As for some examples:

  • Volt Typhoon, a People’s Republic of China (PRC) state-sponsored cyber threat group, is increasingly targeting critical infrastructure. Between August and September of 2023, Volt Typhoon attempted at least 14 times to connect to various IP addresses of a U.S. electric and natural gas provider. 4
  • In 2021, the Colonial Pipeline Company USBUS proactively shut down its pipeline system in response to a ransomware attack from PRC cyber actors targeting its IT networks and industrial control systems. This incident caused significant operational disruptions for approximately a week and induced panic among the population. 5

The People’s Republic of China also poses a unique risk to the U.S. and its critical infrastructure. China is seeking to become a global hegemon, developing ways to strengthen their position through social engineering and subterfuge. In the event of a major conflict, civilian infrastructure is a key target for Chinese forces, natural gas being one of their prime targets. Below are some comments from federal agency leadership on this issue:

  • FBI Director Christopher Wray appeared before the House Select Committee on the Chinese Communist Party and discussed the PRC threat, “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,”. 6
  • Jen Easterly, CISA Director, told an audience at the Aspen Institute in Washington, “In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to include pipelines and rail lines to delay military deployment and to induce societal panic”. 7

If you are interested in hearing more about this subject, OHS has a more in-depth product available to energy affiliated partners.
Reach out to SAICIP@dps.ohio.gov for more information!
Please report any suspicious activity, or threats related to critical infrastructure to
the STACC at STACC@dps.ohio.gov or the 24/7 Statewide Tip line 877-OHS-INTEL (647-4683).

  • (U) KSAT. “Man sentenced to prison for trying to blow up pipeline in Central Texas” 3 February 2023.
    https://www.ksat.com/news/texas/2023/02/03/man-sentenced-to-prison-for-trying-to-blow-up-pipeline-in-central-texas/.
    (Accessed 22 August 2024).

  • (U) American Experiment. “Thousands Without Heat as Colorado Eco-Terrorists Attack Natural Gas Line”. 4 January 2021. https://www.americanexperiment.org/thousands-without-heat-as-colorado-eco-terrorists-attack-natural-gas-line/. (Accessed 6 August 2024).

  • (U) Rolling Stone. “‘How to Blow Up a Pipeline’: FBI Sends Terrorism Warning” 21 April 2023.
    https://www.rollingstone.com/politics/politics-news/pipeline-movie-fbi-terrorism-hollywood-1234717269/. (Accessed 19 September 2024).

  • (U) Reuters. “What is Volt Typhoon, the Chinese hacking group the FBI warns could deal a ‘devastating blow’?”. 19 April 2024. https://www.reuters.com/technology/what-is-volt-typhoon-alleged-china-backed-hacking-group-2023-05-25/.
    (Accessed 19 September 2024).

  • (U) CISA. “The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years” 7 May 2023. (Accessed 15 August 2024).

  • (U) FBI. “Chinese Government Poses ‘Broad and Unrelenting’ Threat to U.S. Critical Infrastructure, FBI Director Says” 18 April 2024. https://www.fbi.gov/news/stories/chinese-government-poses-broad-and-unrelenting-threat-to-u-s-critical-infrastructure-fbi-director-says. (Accessed 19 August 2024).

  • (U) Homeland Security Newswire. “U.S. Critical Infrastructure May Not Be Resilient Enough to Fend Off, Survive Chinese Cyberattacks: CISA Director” 13 June 2024. https://www.homelandsecuritynewswire.com/dr20230613-u-s-critical-infrastructure-may-not-be-resilient-enough-to-fend-off-survive-chinese-cyberattacks-cisa-director (Accessed 19 August 2024).

OHIO811 has been a longstanding partner to OHS. We welcome and appreciate the continued engagement and collaboration as we expand our network of resources to effectively support our partners goals and protection of the State of Ohio. To learn more about OHS programs and resource capabilities visit: https://homelandsecurity.ohio.gov/home

This article was written by:
Amelia Moore
To learn more about Ohio Homeland Security, please contact:
Amelia Moore, Critical Infrastructure Analyst, 614-824-0110

© Copyright - Ohio Utilities Protection Service | Terms of Use